• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Rpt trendlabs-3q-2013-security-roundup
 

Rpt trendlabs-3q-2013-security-roundup

on

  • 478 views

 

Statistics

Views

Total Views
478
Views on SlideShare
408
Embed Views
70

Actions

Likes
0
Downloads
4
Comments
0

4 Embeds 70

http://911-center.blogspot.com 29
http://911-center.blogspot.ru 21
http://912.by 17
http://sitebuilder.atservers.net 3

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Rpt trendlabs-3q-2013-security-roundup Rpt trendlabs-3q-2013-security-roundup Document Transcript

    • TrendLabsSM 3Q 2013 Security Roundup The Invisible Web Unmasked
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Contents 1| 6| CYBERCRIME: Takedowns, Banking Trojans, Site Compromises, and Refined Malware Techniques Seen MOBILE: Mobile Malware and High-Risk Apps: 1-Million Strong 10 | DIGITAL LIFE SECURITY ISSUES: 12 | EXPLOITS AND VULNERABILITIES: 13 | TARGETED ATTACKS: On Privacy and Data Theft: A New “Identity Crisis” Java Vulnerabilities Remain a Major Concern Sykipot Targets Aviation Data 15 | Appendix
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Introduction News about cybercrime circulated in recent months. The takedown of Liberty Reserve, an illegal digital currency system, and the recent seizure of the online black market, Silk Road, were among the many incidents this quarter that triggered greater public awareness of online threats.1 The arrest of the alleged Blackhole Exploit Kit creator in October also proved that cybercrime is indeed a business that thrives right under our noses.2 observed malware operation refinements like EXPIRO’s use of the Styx Exploit Kit and MEVADE malware’s use of The Onion Router (TOR) network. Cybercriminals continued to refine their techniques this quarter. Online banking malware infections increased in several regions, including the United States and Japan. We also caught a glimpse of the massive scale of compromised sites. Our research on BKDR_FIDOBOT showed that the backdoor was used to attack more than 17,000 domains in a day. We also Internet Explorer® and Java security issues continued to put computers at risk, as a couple of zero-day exploits were discovered this quarter. Document exploits remained a staple in spear-phishing emails related to targeted attacks though we noted improvements in the Sykipot malware family, which now targets information related to civil aviation. On the mobile front, the number of malicious and high-risk Android™ apps surpassed the 1-million mark like we predicted. A significant portion of these dangerous apps were disguised as either fake or Trojanized versions of popular apps.
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Cybercrime Takedowns, Banking Trojans, Site Compromises, and Refined Malware Techniques Seen Law enforcement agencies took home several wins, affecting the current threat landscape. The Liberty Reserve takedown caused cybercriminals to scramble for alternative currencies. They had to resort to other means like using Bitcoins to continue their operations. The infamous Silk Road takedown also showed the hidden but equally nefarious side of cybercrime, particularly the use of the Deep Web to hide illegal site networks. Lastly, the alleged Blackhole Exploit Kit author known as “Paunch” made headlines when he was arrested in early October.3 These positive developments in law enforcement spurred awareness of cybercriminal underground elements that most Internet users were not privy to.4 Overall Trend Micro™ Smart Protection Network™ Numbers 2,876 7.5B 574M 495M 8B 7B 2,817 7.5B 606M 414M 6B 2,697 7.2B 586M 392M NUMBER OF THREATS BLOCKED PER SECOND TOTAL NUMBER OF THREATS BLOCKED 5B 4B 6.4B 3B 6.5B 6.2B NUMBER OF MALICIOUS FILES BLOCKED NUMBER OF MALICIOUS URLs BLOCKED 2B 1B 0 JUL AUG SEP NUMBER OF SPAMSENDING IP ADDRESSES BLOCKED We were able to protect Trend Micro customers from an average of 2,797 threats per second this quarter. 1 | Cybercrime
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup DOWNAD/Conficker remained the top malware this quarter. Adware packaged with fake software offers continued to victimize Internet users. Despite being the top malware though, the number of DOWNAD/ Conficker infections decreased to 345,000 from last quarter’s 509,000, possibly due to number of users who upgraded OSs in light of the impending end of support for Windows® XP. Top Malware WORM_DOWNAD.AD 345K ADW_BPROTECT 246K ADW_BHO 238K 100,000 1,000 100 10 1 DOWNAD/Conficker remained the top malware for three consecutive quarters while adware continued to trail behind. 2 | Cybercrime
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Top Malware by Segment ENTERPRISE NAME SMB VOLUME WORM_DOWNAD.AD 205K CONSUMER NAME VOLUME WORM_DOWNAD.AD 33K NAME VOLUME ADW_BHO 158K 138K ADW_BPROTECT 28K HKTL_PASSVIEW 7K ADW_BPROTECT PE_SALITY.RL 17K TROJ_FAKEAV.BMC 5K TROJ_FAKEAV.BMC 87K Consumers likely download adware most because they were often packaged with fake free software. Enterprises and small and medium-sized businesses (SMBs), meanwhile, were most affected by DOWNAD/Conficker. Banking Trojan Volume Surge The online banking malware volume surged this quarter. They spread across the globe and no longer concentrated on certain regions like Europe and the Americas. We continued to see this trend, with infection counts going beyond the 200,000 mark, the highest infection number since 2002. Online Banking Malware Infections 250K 200K 202K 150K 100K 131K 146K 113K 2013 132K 125K 2012 110K 50K 0 Q1 Q2 Q3 Q4 Online banking malware accounted for more than 200,000 detections this quarter—the highest-recorded volume since 2002. 3 | Cybercrime
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Top Online Banking Victim Countries A large portion of online banking malware infections were due to ZeuS/ZBOT Trojans. ZeuS/ZBOT variants were, in fact, the most distributed malware by spam this quarter. New ZBOT variants emerged, specifically KINS malware, which came armed with anti-debugging and anti-analysis routines. Citadel variants, meanwhile, continued to plague Japan, particularly targeting financial institutions and varied Webmail services like Yahoo!® Japan and Gmail™, among others.5 COUNTRY SHARE USA 23% Brazil 16% Japan 12% India 6% Australia 3% France 3% Germany 2% Vietnam 2% Taiwan 2% Mexico 2% Others 29% The United States and Brazil remained the most-affected countries by online banking malware. Japan, meanwhile, rose to the third from the fifth spot last quarter, largely due to the increase in Citadel malware infections. Compromising Sites: A Norm? Cybercriminals routinely use compromised sites to hide their tracks and host malware, spam templates, and redirection tools. Spambots like Stealrat heavily relied on techniques like using compromised sites to cloak malicious operations.6 How Users End Up on Compromised Sites Data sent to compromised site 1 is used to construct email template Victim gathers spam data* from spam server then sends to compromised site 1 User receives spam that contains links to compromised site 2 * Spam data includes the backup email server's URL, the sender's name, the recipient's address, and the email template. 4 | Cybercrime
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup We got a glimpse of the scale of site compromises by investigating BKDR_ FIDOBOT. This backdoor brute-forced its way into sites that ran on either Joomla!™ or WordPress and was used to attack more than 17,000 domains in a single day.7 The majority of affected sites were either owned by individuals or small businesses and hosted in the United States. Refined Malware Techniques and Hidden Networks Other notable malware this quarter include EXPIRO.8 The malware first surfaced in 2010 and was known to infect files. Recent variants that emerged this quarter, however, stole FTP credentials. The EXPIRO variants used in attacks last July were also distributed using the Styx Exploit Kit.9 In the latter part of August, we observed MEVADE malware download a TOR component to initiate widespread connections to specific sites.10 This was the reason behind reports of a growth in the number of TOR users.11 TOR allowed cybercriminals to more effectively hide their command-and-control (C&C) servers. It is also virtually impossible to take down a TOR-hidden service. MEVADE malware also spread alongside certain adware variants via a downloader disguised as an Adobe® Flash® Player update.12 When Popular Online Banking Crimeware Were Discovered ZeuS Gozi 2006 2007 Cridex, Shylock, Tatanga, Tinba, Carberp Ice IX, Zitmo, and and and SpyEye Citadel Spitmo 2009 2010 2011 KINS 2013 This quarter, we saw a resurgence of banking malware, which started making headlines with the introduction of the ZeuS toolkit way back in 2006. 5 | Cybercrime
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Mobile Mobile Malware and High-Risk Apps: 1-Million Strong Before 2013 ended, the number of malicious and high-risk apps targeting the Android platform reached the 1-million mark. Among these, 80% were malicious in nature, topped by premium service abusers. Premium service abusers are known to send unauthorized text messages to certain numbers and often register users to premium-rate services. This type of malicious app is especially popular in Russia, most likely due to the country’s lack of “standard” app stores.13 The remaining 20% were considered highrisk apps, including those that aggressively pushed ads to users, also known as “adware.” Adware infections eventually lead to device information theft. 60% 1M JUL 820K AUG 851K SEP 1M .5M 0 The number of malicious and high-risk apps steadily increased from July to August but, come September, reached the 1-million mark. Top Threat Type Distribution 55% 40% Android Threat Volume Growth 27% 22% 20% 12% 9% 2% 0 PREMIUM SERVICE ABUSER ADWARE DATA STEALER REMOTE CONTROLLER MALICIOUS DOWNLOADER HACKING TOOL Like last quarter, premium service abusers comprised more than half of the mobile threats this quarter though the number of mobile adware also increased to regain the top 2 post. 6 | Mobile
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Top Android Malware Families 1. OPFAKE 27% 2. FAKEINST 24% 3. GOYEAR 10% 4. GINMASTER 7% 5. JIFAKE 6% 6. MSEG 4% 7. ADPANDA 3% 8. ADTGPTT 3% 9. BOXER 2% 10. SMSREG 2% Others 12% Cross-Platform Threats Pose Mobile Security Risks Beyond the dangers malicious apps posed, mobile devices were also hit by threats that transcended platforms. These include a fake WhatsApp email containing a link that, when clicked using a mobile device, may lead to a site that hosts a premium service abuser.14 This was not the first time that mobile devices were targeted by multi-platform threats. In this case though, the attackers opted to use spam as infection vector instead of relying on a more “direct” approach like blackhat search engine optimization (SEO) or social media abuse. 7 | Mobile Another cross-platform issue was the rise of the number of phishing sites specifically designed for mobile devices. According to data we gathered from January to September this year, we noted a 53% increase in the number of phishing sites compared with the same period last year. This quarter, 42% of the sites spoofed banks and other financial institutions.15
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Vulnerabilities and Exploits Compound Mobile Security Woes The discovery of the “master key” vulnerability last quarter highlighted cybercriminals’ ability to find ways to “update” legitimate apps with malicious code to affect nearly every Android device. This quarter, we witnessed continued abuse of this vulnerability to churn out Trojanized versions of a well-known online banking app.16 The Black Hat cybersecurity conference last July additionally touched on other points pertaining to mobile security. A SIM card flaw that could allow attackers to obtain a its digital key was, for instance, discovered. Also at the conference, researchers from the Georgia Institute of Technology showed off a proof-of-concept (POC) charger that could allow attackers to execute malicious commands on devices that ran on the latest iOS version.17 Where Users Stumbled Upon Malicious and High-Risk Apps SITES APP STORES 80% 27% OTHERS 1% While 27% of malicious and high-risk apps came from app stores, they were also seen in other sources like malicious sites. Note that the total only represents 42% of the overall number of malicious apps sourced from August 2010 to September 2013. 8 | Mobile
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup What Premium Service Abusers Do DELETE DATA access your 96% cancard data SD MONITOR MESSAGES 92% can read your messages SEND DEFAULT MESSAGES VIEW CONTACTS 48% can access your contact list TRACK LOCATION 14% can track your location 86% can send out predefined messages Mobile devices are vulnerable to threats like information theft when infected by premium service abusers, which remained the top mobile threat type this quarter. Based on research covering the period, November 2012–May 2013, premium service abusers can affect devices in various ways. 9 | Mobile
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Digital Life On Privacy and Data Theft: A New “Identity Crisis” Recent events and threats surrounding social media and personal information paved the way for resurfacing issues on data security, also known as a new type of “identity crisis.” Internet users are still constantly being challenged by managing and preventing their personal information from falling into cybercriminals’ hands. Among the numerous threats that aim to steal personal information, phishing scams made a notable impact this quarter due to a massive increase in Apple-related phishing sites.18 The spike was likely caused by the clamor for the latest Apple products and developments over the past few months, including rumors last May about the iOS 7 release. Another spike in the phishing site volume was seen last June and July when rumors about the iPhone 5c spread. Last September, we saw a spam run use the newly released iPhone models as lure to steal personally identifiable information (PII).19 Apple-Related Phishing Page Volume Growth 5,800 6K 5K 4,100 4K 2,500 3K 1,900 1,800 2K 1K 300 500 100 300 MAR APR 0 JAN FEB MAY JUN JUL AUG The rise in Apple-related phishing pages continued even after the huge spike last May. 10 | Digital Life SEP
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Mobile banking users were not spared from attacks that leveraged similar social engineering techniques. We found a phishing site that mimicked a well-known financial institution designed to gather crucial data like log-in credentials, email addresses, and even government-issued IDs.20 they hijacked users’ social media account credentials, specifically those for Facebook, Google+, and Twitter.22 This quarter was also plagued by a slew of fake Twitter accounts that lured followers to sites that supposedly hosted hacking tools for both Facebook and Twitter but instead led to survey scams.23 Security threats on social media persisted this quarter, most notably those that took advantage of users with rich digital lives. A “free followers” scam showed how cybercriminals made a quick buck by offering fake followers, “likes,” and retweets to interested buyers.21 Despite these security setbacks, some positive developments pertaining to managing online accounts were introduced. These include the Touch ID fingerprint sensor on the iPhone 5s, a security tool meant to make it easier for owners to unlock their phones compared with using a PIN code.24 Though Apple’s effort to secure users’ online accounts was commendable, it must not be considered a cure-all because user behavior is still a crucial security factor. Threats targeting social media were not limited to “free followers” scams this quarter. We also saw malware disguised as fake video player updates make the rounds on social networking sites. When installed, Notable Social Engineering Lures Used SUMMER WHATSAPP MOVIES OBAMACARE ENDER’S GAME PLANTS vs. ROYAL BABY ZOMBIES iPHONE 5s and 5c 11 | Digital Life
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Exploits and Vulnerabilties Java Vulnerabilities Remain a Major Concern After several zero-day incidents at the beginning of the year, Java vulnerabilities remained a crucial concern. This quarter, a Java 6 vulnerability exploit was included in the Neutrino Exploit Kit.25, 26 Because Oracle stopped supporting this version, all affected software will no longer receive security updates and fixes, including for the recently identified bug. Even worse, the Oracle announcement means that around 31 recently disclosed vulnerabilities will never be patched. Just a week after the September Patch Tuesday, a zero-day Internet Explorer exploit that affected even the latest version was discovered.27 Microsoft immediately released a fix to address the issue though. Old vulnerabilities remained a favorite cybercriminal target, as our research on Apache Struts showed.28 Our investigation revealed that the Chinese underground created automated tools to exploit bugs in older versions of Apache Struts, just three days after the flaws were made known to the public. How Exploits Dodge Security 1 Crawl URL A 4 Site loads 2 Check if IP address is in database MALICIOUS SITE A 3 If IP address is not in database *Attackers keep a list of IP addresses they believe researchers use and block access from these. RESEARCHER BACKEND DATABASE 5 Crawl URL B 8 Site does not load 12 | Exploits and Vulnerabilties 6 Check if IP address is in database MALICIOUS SITE B 7 If IP address is in database
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup TARGETED ATTACKS Sykipot Targets Aviation Data Targeted attack campaigns continued to go after various targets like governments, large organizations, and enterprises. Attackers typically aim to exfiltrate or steal data from targets. One such campaign that recently underwent some modifications was Sykipot. vulnerabilities in spear-phishing attacks. One widely attacked vulnerability was the MSCOMCTL.OCX RCE Vulnerability, also known as “CVE-2012-0158,” which was addressed by Microsoft with MS12-027 as early as April last year.30 The Sykipot campaign was first seen in 2007. It initially targeted industries like telecommunications, computer, government, and aerospace, among others but remains active to this day.29 We did observe recent changes to the campaign’s operations though, including using updated identifiers, drive-by exploits, and dynamic link library (DLL)/ process injections. It now also targets civil aviation information. Following the release of the latest Apache Struts version, meanwhile, we found automated tools that exploit vulnerabilities found in older versions of the software sold underground. We also saw some targeted attacks exploit the said bugs in Asia. While monitoring targeted attacks, we continued to see the use of old, patched 13 | Targeted Attacks .PKZIP and .MIME files were the top file types threat actors used to attack their intended victims via spear phishing. Common file types like documents and spreadsheets were also used to gain entry to target networks.
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup File Types Used in Spear-Phishing Emails Related to Targeted Attacks MIME PKZIP RAR RTF JUL PPS/PPT AUG DOC SEP EXE/DLL XLS ZIP PDF 0 10% 20% Government agencies were the top attack targets this quarter, followed by telecommunications and IT/software 14 | Targeted Attacks 30% 40% 50% companies. Enterprises should fortify their networks to avoid becoming a victim of targeted attacks.
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Appendix Top Spam Languages 1. English 89.39% 2. Chinese 2.49% 3. Japanese 1.88% 4. German 0.95% 5. Russian 0.70% 6. Portuguese 0.24% 7. Spanish 0.16% 8. French 0.08% 9. Icelandic 0.07% 10. Turkish Others 0.05% 3.99% English remained spammers’ most preferred language because it is most used worldwide. Top Spam-Sending Countries 1. USA 9.16% 2. Argentina 6.71% 3. Italy 6.69% 4. Spain 6.45% 5. India 6.16% 6. Taiwan 4.31% 7. Colombia 4.26% 8. Peru 3.97% 9. Mexico 3.82% 10. Germany 3.27% Others 45.20% Consistent with the top spamming language, the USA sent out the most spam. Latin American countries like Argentina, Spain, Colombia, Mexico, and Peru remained part of the top 10. 15 | Appendix
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Top Malicious Domains Blocked DOMAINS REASONS ads.alpha00001.com Hijacks well-known web browsers to redirect users to fake sites, including ad sites trafficconverter.biz Hosts and distributes worms, particularly DOWNAD/Conficker http :// adsgangsta . com Related to exploit kit operations http :// www . ody . cc Related to sites hosting BKDR_HPGN.B-CN az7t8.com Involved in attacking high-traffic sites ckstatic.com Involved in attacking high-traffic sites announce.opensharing.org Hosted hacking software and used in peer-to-peer promos.fling.com Involved in a zombie network spread from an adult dating site. http :// labambaka . com Hosts and distributes malware, related to spamming international-spcsz.ru Hosts and distributes malware, related to spamming The top malicious domains this quarter hosted sites that hijacked Web browsers to redirect users to fake ad sites. This most likely led to the increase in adware this quarter. Number of Connections to Botnets per Month 12.7M JULY 10.7M AUGUST 13.9M SEPTEMBER 0 2M 4M 6M 8M 10M 12M The number of connections to botnets increased in July but dipped in August before rising again in September. 16 | Appendix 14M
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Malicious URL Country Sources COUNTRY SHARE 1 USA 24% 2 Netherlands 3% 3 China 3% 4 Germany 3% 5 France 3% 6 South Korea 2% 7 UK 2% 8 Russia 1% 9 Japan 1% 10 Canada 1% Others 57% Like last quarter, a significant share of the malicious URLs found this quarter were hosted in the United States. Countries That Most Accessed Malicious URLs COUNTRY SHARE 1 USA 35% 2 Japan 14% 3 China 7% 4 India 4% 5 Taiwan 4% 6 South Korea 4% 7 Germany 3% 8 Australia 3% 9 Russia 2% 10 UK 2% Others 22% Most of the users that accessed malicious URLs were from the United States this quarter. 17 | Appendix
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Countries with the Greatest Number of Botnet Connections COUNTRY SHARE 1 USA 25% 2 Malaysia 19% 3 Portugal 4% 4 Russia 4% 5 Canada 4% 6 South Korea 4% 7 Belgium 3% 8 Colombia 2% 9 Germany 2% 10 Netherlands 2% Others 31% The United States recorded the greatest number of connections to botnets this quarter. Malaysia slipped to second place, as the political tension subsided in the country. Countries with the Highest Malicious Android App Download Volumes 1. Ukraine 13% 2. Myanmar [Burma] 10% 3. Libya 7% 5. Vietnam 5% 6. Russia 4% 7. Argentina 4% 8. Antigua and Barbuda 4% 9. Canada 6 1 9% 4. Nigeria 9 3% 10. India 3 8 4 10 2 5 7 3% Ukraine recorded the highest malicious app download volume, overtaking the UAE, which dropped out of the list. This could be attributed to the increased in popularity of smartphones in Eastern Europe. The mobile growth in Nigeria and Argentina could also be the reason for their inclusion. The ranking was based on the percentage of apps categorized as “malicious” over the total number of apps scanned per country. The ranking was, however, limited to countries with at least 10,000 scans. 18 | Appendix
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup Countries Most at Risk of Privacy Exposure Due to App Use 1. Kazakhstan 26% 2. Uganda 20% 3. Ukraine 11% 4. India 10% 5. Argentina 9% 6. Philippines 7% 8. Thailand 7% 9. Canada 7 2 1 4 10 8 6 7% 7. Antigua and Barbuda 3 9 7% 10. Myanmar [Burma] 5 6% This quarter, new entries like Kazakhstan, Uganda, and Ukraine topped the list of countries most at risk of privacy exposure. This could be partly due to the growing popularity of smartphones in the countries. The ranking was based on the percentage of apps categorized as “privacy risk inducers” over the total number of apps scanned per country. The ranking was, however, limited to countries with at least 10,000 scans. 19 | Appendix
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup References 1. Trend Micro Incorporated. (July 16, 2013). TrendLabs Security Intelligence Blog. “Post Liberty Reserve Shutdown—What Is Next?” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/post-liberty-reserve-shutdown-whats-next/. 2. Charlie Osborne. (October 9, 2013). ZDNet. “Blackhole Malware Toolkit Creator ‘Paunch’ Suspect Arrested.” Last accessed October 29, 2013, http://www.zdnet.com/blackhole-malware-toolkit-creator-paunch-arrested-7000021740/. 3. Merianne Polintan. (September 16, 2013). TrendLabs Security Intelligence Blog. “ZeuS/ZBOT Most Distributed Malware by Spam in August.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/zeuszbot-most-distributed-malware-by-spam-in-august/. 4. Gelo Abendan. (August 20, 2013). TrendLabs Security Intelligence Blog. “Can KINS Be the Next ZeuS?” Last accessed October 29, 2013, http://blog. trendmicro.com/trendlabs-security-intelligence/can-kins-be-the-next-zeus/. 5. Trend Micro Incorporated. (September 2, 2013). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets Japan Users.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/. 6. Jessa De La Torre. (August 5, 2013). TrendLabs Security Intelligence Blog. “How to Check If Your Website Is Part of the Stealrat Botnet.” Last accessed, October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/how-to-check-if-your-website-is-part-of-the-stealrat-botnet/. 7. Philippe Lin. (September 5, 2013). TrendLabs Security Intelligence Blog. “Joomla! and WordPress Sites Under Constant Attack from Botnets.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/joomla-and-wordpress-sites-under-constant-attack-frombotnets/. 8. Rhena Inocencio. (July 15, 2013). TrendLabs Security Intelligence Blog. “File Infector EXPIRO Hits U.S., Steals FTP Credentials.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/file-infector-expiro-hits-us-steals-ftp-credentials/. 9. Trend Micro Incorporated. (July 19, 2013). TrendLabs Security Intelligence Blog. “More Details on EXPIRO File Infectors.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/more-details-on-expiro-file-infectors/. 10. Feike Hacquebord. (September 5, 2013). TrendLabs Security Intelligence Blog. “The Mysterious MEVADE Malware.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/. 11. Roger Dingledine. (August 27, 2013). Tor Project. “Many More TOR Users in the Past Week?” Last accessed October 29, 2013, https://lists.torproject. org/pipermail/tor-talk/2013-August/029582.html. 12. Roddell Santos. (September 6, 2013). TrendLabs Security Intelligence Blog. “Adware Spread Alongside MEVADE Variants, Hits Japan and U.S.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/us-taiwan-most-affected-by-mevade-malware/. 13. Rowena Diocton. (September 17, 2013). TrendLabs Security Intelligence Blog. “Connecting the Dots: Fake Apps, Russia, and the Mobile Web.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/connecting-the-dots-fake-apps-russia-and-the-mobile-web/. 14. Peter Yan. (September 13, 2013). TrendLabs Security Intelligence Blog. “Spam Leads to Multi-Platform Mobile Threat.” Last accessed, October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/spam-leads-to-multi-platform-mobile-threat/. 15. Trend Micro Incorporated. (2013). Monthly Mobile Review. “A Look at Mobile Banking Threats.” Last accessed October 29, 2013, http://about-threats. trendmicro.com/us/mobile/monthly-mobile-review/2013-08-mobile-banking-threats. 16. Peter Yan. (August 2, 2013). TrendLabs Security Intelligence Blog. “Master Key Android Vulnerability Used to Trojanize Banking App.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/master-key-android-vulnerability-used-to-trojanize-banking-app/. 17. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile Threats.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilities-the-other-side-of-mobile-threats/. 18. Paul Pajares. (October 1, 2013). TrendLabs Security Intelligence Blog. “Apple Spikes as Phishing Target.” Last accessed October 29, 2013, http://blog. trendmicro.com/trendlabs-security-intelligence/apple-spikes-as-phishing-target/. 19. Merianne Polintan. (September 10, 2013). TrendLabs Security Intelligence Blog. “iPhone 5s Phishing Mail Arrives in Time for Launch.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-5s-phishing-mail-arrives-in-time-for-launch/. 20 | References
    • TREND MICRO | TrendLabs 3Q 2013 Security Roundup 20. Arabelle Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attack Asks for Government IDs.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asks-for-users-government-ids/. 21. Karla Agregado. (August 1, 2013). TrendLabs Security Intelligence Blog. “From Fame to Shame: Busting the ‘Free Followers’ Myth in Social Media.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/from-fame-to-shame-busting-the-free-followers-myth-insocial-media/. 22. Don Ladrones. (July 30, 2013). TrendLabs Security Intelligence Blog. “Malware Hijacks Social Media Accounts Via Browser Add-Ons.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/malware-hijacks-social-media-accounts-via-browser-add-ons/. 23. Jonathan Leopando. (October 20. 2013). TrendLabs Security Intelligence Blog. “Twitter Still Being Used by Shady Hackers.” Last accessed, October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/twitter-still-being-used-by-shady-hackers/. 24. Paul Oliveria. (September 17, 2013). TrendLabs Security Intelligence Blog. “Fingerprint Scans, Passwords, and Managing Online Accounts.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/fingerprint-scans-passwords-and-managing-online-accounts/. 25. Gelo Abendan. (August 27, 2013). TrendLabs Security Intelligence Blog. “Java 6 Zero-Day Exploit Pushes Users to Shift to Latest Java Version.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/java-6-zero-day-exploit-pushes-users-to-shift-to-latest-javaversion/. 26. Anthony Melgarejo. (March 12, 2013). TrendLabs Security Intelligence Blog. “A New Exploit Kit in Neutrino.” Last accessed October 29, 2013, http:// blog.trendmicro.com/trendlabs-security-intelligence/a-new-exploit-kit-in-neutrino/. 27. Pavan Thorat. (September 18, 2013). TrendLabs Security Intelligence Blog. “New IE Zero Day Is Actively Exploited in Targeted Attacks.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/new-ie-zero-day-is-actively-exploited-in-targeted-attacks/. 28. Noriyaki Hayashi. (August 14, 2013). TrendLabs Security Intelligence Blog. “Chinese Underground Creates Tool Exploiting Apache Struts Vulnerability.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apachestruts-vulnerability/. 29. Darin Dutcher. (September 4, 2013). TrendLabs Security Intelligence Blog. “Sykipot Now Targeting U.S. Civil Aviation Sector Information.” Last accessed October 29, 2013, http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/. 30. Trend Micro Incorporated. (2012) Threat Encyclopedia. “MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158).” Last accessed October 29, 2013, http://about-threats.trendmicro.com/us/vulnerability/2580/mscomctlocx%20rce%20vulnerability%20cve20120158. 21 | References
    • Created by: Global Technical Support & R&D Center of TREND MICRO TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an “as is” condition. Trend Micro Incorporated, a global leader in security software and solutions, strives to make the world safe for exchanging digital information. For more information, visit www.trendmicro.com. ©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.